Securing information resources using web application firewalls

This paper provides an overview of core technologies implemented by comparably new products on the information security market web application firewalls. Web applications are a very widely-used and convenient way of presenting remote users with access to corporate information resources. They can, however, become single point of failure rendering all the information infrastructure inaccessible to legitimate clients. To prevent malicious access attempts to endpoint information resources and, intermediately, to web servers, a new class of information security solutions has been created. Web application firewalls function at the highest, seventh layer of the ISO/OSI model and serve as a controlling tunnel for all the traffic heading to and from a company’s web application server(s). To ensure decent levels of traffic monitoring and intrusion prevention, web application firewalls are equipped with various mechanisms of data exchange session «normality» control. These mechanisms include protocol check routines, machine learning techniques, traffic signature analysis and more dedicated means, such as denial of service, XSS injection and CRRF attack prevention. The ability to research and add user rules to be processed along with vendor-provided ones is important, since every company has its own security policy and, therefore, the web application firewall should provide security engineers with ways to tweak its rules to reflect the security policy more precisely. This research is based on broad practical experience of integrating web application firewalls into the security landscape of various organizations, their administration and customization. We illustrate our research into available filtering mechanisms and their implementations with exemplary product features by market leaders.